Forum:How to make samba root access password protected
After running IOMTOOLS and making root access available with write permissions, it seems anybody on the network can connect and add/remove/delete whatever they want. So I would like to make the "Root" share password protected. I tried several things: SCENARIO #1 Add password to root account, using command "passwd" and followed prompts to enter and verify new password. (But then the ALL shares are inaccessible from Windows). So I telnet back in using new password and use command "passwd" again and hit "enter" (for blank password) at prompts to enter and verify new password. (All shares are accessible again) SCENARIO #2 Add user using command "adduser" BusyBox v1.1.3 (2008.08.05-12:04+0000) multi-call binary Usage: adduser OPTIONS user_name Adds a user to the system Options: -h DIR Assign home directory DIR -g GECOS Assign gecos field GECOS -s SHELL Assign login shell SHELL -G Add the user to existing group GROUP -S create a system user (ignored) -D Do not assign a password (logins still possible via ssh) -H Do not create the home directory I type "adduser root2" then I type "passwd root2" and assign "root2" as password I then change /usr/local/samba/lib/smb.conf using vi with command "vi /usr/local/samba/lib/smb.conf" # This is the main Samba configuration file. # Create by IomTools. # Global Settings global log file = /usr/local/etc/dvdplayer/samba/log/log.%m max log size = 1000 lock dir=/usr/local/etc/dvdplayer/samba/lock pid directory=/usr/local/etc/dvdplayer/samba/pid private dir=/usr/local/etc/dvdplayer/samba/priv smb passwd file = /etc/smbpasswd encrypt passwords = yes guest account = root <------ Changed to "root2" write cache size = 0 hide dot files = yes security = share <------ Changed to "user" passdb backend = tdbsam load printers = no disable spoolss = yes max open files = 10000 max connections = 4;;5 max mux = 10 max smbd processes = 4;;5 dns proxy=No use sendfile=yes guest account=root <------ Changed to "root2" encrypt passwords=yes passdb backend=smbpasswd socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=2048 SO_RCVBUF=204 read raw=yes write raw=yes oplocks=yes max xmit=65535 dead time=15 getwd cache=yes lpq cache=30 read prediction=yes client NTLMv2 auth=yes netbios name = MediaService workgroup = WORKGROUP server string = MediaService # Share Definitions ScreenPlay comment = ScreenPlay path = /tmp/hddmedia writeable = yes browseable = yes guest ok = yes usbshare comment = usbshare path = /mnt/usbmounts/sda1 writeable = yes browseable = yes guest ok = yes Root comment = Root path = / writeable = yes browseable = yes guest ok = yes <------ Changed to "no" # End 11/1/2009 11:09:17 PM Now when connecting from windows I get prompted for username and password. I tried root/ & root2/root2. I google the issue and find I need to give user "root2" a samba password with command "smbpasswd root2" but get this error: / # smbpasswd root2 '-sh: smbpasswd: not found' / # I thought I was on the right track, but am lost now. HELP! 10:11, November 3, 2009 (UTC) :Well, you made very remarkable progress. I commend you. Yes, you are on the right track. Yes, you do need to add the user. But smbpasswd is not one of the built in commands for the screenplay. That would totally suck if that were a dead end. But it isn't :) :There happens to be a toolchain that I've recently blogged about. Upon seeing your situation and seeing that you needed smbpasswd, I decided to look at the Ellion source and see if Samba was there. And it was, along with all samba utilities. So I compiled it, stripped it, and I have tested it. I used smbpasswd -a root (I've assigned root a password), gave it the samba password I wanted to use and now it is working. :So, here you go. --JCoug 05:23, November 4, 2009 (UTC) :By the way, I didn't have to do the root2 or change the security to user. It asks for the password for guest and I just put in the smb root password. Worked great! --JCoug 06:35, November 4, 2009 (UTC) Jcoug, Thank you for compiling that smbpasswd file for the rest of us to use. I also have the samba shares password protection working, but its not quite what I want. I want to share the MAIN MEDIA portion of the drive without a password (as it is out the box) and the ROOT (file system) share with a password. So I am going to do something similar to this ( http://ubuntuforums.org/showthread.php?t=710144 ) unless you know an easier way to get the job done. MacDaddy SF 07:21, November 4, 2009 (UTC) :Actually, that's exactly how mine works. Look at my blog entry. My Main media does not require a password, and it asks for a password when I try to browse to my root file system. --JCoug 08:40, November 4, 2009 (UTC)